arrow drop shape demo
Privacy Policy
roen

Privacy Policy

Privacy Notice

Updated: 02.12.2019

 

The following privacy notice was written for www.thecandyshop.com and it will be reviewed and updated periodically according all applicable laws and regulations.

 

The purpose of this Privacy Notice is to easily inform you regarding:

  1. The definitions of the terms provided by the GDPR
  2. Who is thecandyshop.com
  3. Where can you find us and how can you contact us
  4. What personal data may The Candy Shop process about you
  5. How your personal data are processed by The Candy Shop
  6. The purposes and legal basis of the processing
  7. The disclosure of your personal data to third parties
  8. Which are your rights and how can you effectively exercise them
  9. Children’s personal data – you must be over 16 years old
  10. What security precautions does The Candy Shop take to protect you
  11. Links to other websites
  12. Changes to the privacy policy
  13. Information concerning Data Protection Supervisory Authority

 

  1. The definitions of the terms provided by the GDPR

 

NSAPDP – The National Supervisory Authority for Personal Data Processing

Personal data – any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Restriction of processing – the marking of stored personal data with the aim of limiting their processing in the future;

Controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Recipient – a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with the European Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

Third party – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

Consent of the data subject – any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data Breach – A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.

Supervisory Authority – an independent public authority which is established by a Member State;

 

  1. Who is www.thecandyshop.com?

 

” The Candy Shop” is the commercial name of the company COMPANIA DE SUNET S.R.L., a Romanian limited liability company registered in Bucharest under the unique number: RO 32193813, legally represented by Mr. Oliver Sterian.

www.thecandyshop.com is the official website of the company which is continually developing to become your first choice of customized audio and video advertising products.

The Candy Shop is the controller for the personal information we process, unless otherwise stated.

 

  1. Where can you find us and how can you contact us

 

You can find us at our office located in Bucharest, 93 Agricultori, District 2, Romania.

You can also contact us at the following e-mail: oliver.sterian@thecandyshop.ro

 

  1. What personal data may The Candy Shop process about you

 

In general, we collect your personal data directly from you, so that you have control over the type of information you provide to us.

Personal data collected by The Candy Shop may include data such as:

Class a. e-mail, full name, CV and other info provided by you when you contact us using the form available on our website in the sections ”get in touch with us” or ”send us your CV”;

Class b. technical standard internet login information which may include: only a truncated version of your IP address, information about your computer or device used to access thecandyshop.com (device type, operating system, screen resolution, language, the country you are located in, and web browser type, etc.) and your preferences regarding the cookies that process personal data;

Your IP is captured and stored in an anonymized format by suppressing the last octet, so your full IP address never reaches our servers, and we never have access to it.

Class c. aggregate statistic data such as: the city from where your traffic is coming from, customer demographics or interests and behavior. These data may reveal from your activity on our website;

 

  1. How your personal data are collected by thecandyshop.com

 

Your personal data may be collected by The Candy Shop in two ways:

a. When you voluntarily provide such information to us by filling in the available fields on our website;

b.We may automatically collect some technical information about your device used to access thecandyshop.com such as a truncated version of your IP address, operating system type, browser type, screen resolution, and so forth.

Based on your activity on our website, we collect standard internet log information and details of visitor’s activity, using a third-party service.

This research may be compiled and analyzed on an aggregate basis.

This aggregate information does not identify you personally. This information is gathered and expressed in a summary form for purposes such as statistical analysis.

All data collected automatically will be used to administer or to improve our services and our website.

We are doing this to know things such as: how many visitors we have on our website, the number of visitors to the various parts of the site, what version of our website must be displayed to you (mobile/desktop) depending on the device used to access our website.

All the collected personal data mentioned above are stored on our servers and on our partner’s servers which have taken high-security measures to respect the provisions of Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – GDPR.

 

We will keep:

  • any information that you provide to us (such as your name and e-mail) for a reasonable period of 1 year unless taking into account specific situation: (i) we are legally forced to keep it for a longer period; (ii) we have a contractual relationship or (iii) we justified a legitimate interest;
  • all information collected using cookies according to our Cookie Policy;

 

  1. Purposes and legal basis of the processing

 

All the information that we collect about you are processed for the following purposes:

Class a – we process your data that you provided to us through the sections available on our website in order to respond to your offer request or job application.

In this case, The Candy Shop processes your data on the legal basis stipulated in Art. 6 para. 1 letter b) of GDPR – performance of a contract or necessary steps at the request of the data subject prior to entering into a contract.

 

Class b – we process your technical standard internet login information, as defined above, because some of them are essential for our website to be functional while others help us to offer you the best experience on our website (e.g., to adjust our services to your device), including all the content as it is available on the website.

 

The Candy Shop processes your technical data on the legal basis stipulated in art. 6 para. 1 letter f) of the GDPR, which allows us to process personal data when it is necessary for the purpose of our legitimate interests – website functionality.

 

Class c – we process aggregated statistic data as defined above, using cookie delivered by companies such as Google Analytics, Cookie Law Info Plugin, Litespeed Server, for improving our services on our website.

Cookies are used to process information, including standard internet log information and details of the visitor’s behavioral patterns upon visiting our site.

Cookies are stored on your device, and you have full control over their usage.

 

You may deactivate or restrict the transmission of cookies by changing the settings of your web browser by following the steps indicated in our Cookie Policy. Cookies that are already stored may be deleted at any time.

 

For more information related to the data processed by each cookie, please check our Cookie Policy .

The Candy Shop processes the aggregated statistic data on the legal basis stipulated in Art. 6 para. 1 letter a) of GDPR – the data subject’s consent.

 

Please note that you can choose at any time to withdraw your consent, without affecting the processing already performed, by changing the settings of your web browser.

 

 

  1. Any disclosure of your personal data to third parties

 

Our employees:

Our employees have access to your personal data and, they have been trained to respect confidentiality.

Business development:

We will not share your information with any third parties for the purposes of direct marketing.

We are trying to do the best in our industry, so sometimes we may choose to collaborate with other companies to perform certain business-related functions such as hosting or Google Analytics’ features. In this case, we provide them only with the information that they need to perform their specific functions.

For example we use:

a. for Hosting: Google – if you want to know more about their privacy policy, you can find it here;

b. for monitoring website activity: Google Analytics – if you want to know more about their activity please check our Cookie Policy.

c. for remembering your options regarding the cookie usage: Cookie Law Info Plugin – if you want to know more about their activity please check it here

d. for storing server’s settings: Litespeed Server – if you want to know more about their activity please check it here.

 

Legal Requirements:

Your personal data may be communicated to governmental authorities and/or law enforcement agencies if such processing is required under the applicable law.

 

  1. Which are your rights and how can you effectively exercise them?

 

The Candy Shop, as a controller, ensures technical and organizational measures to be sure that your rights (as a data subject) are respected:

 

Right of access You have the right to obtain the confirmation as to whether or not personal data concerning you are being processed by us, and, where that is the case, access to your personal data and information on how they are processed

 

Right to data portability You have the right to receive some of your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and you have also the right to transmit those data to another controller without hindrance from us, where technically feasible.

 

Right to object You have the right to object to processing of your personal data, when processing is necessary for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by us. You have the right to object at any time if your personal data are being processed for direct marketing purposes.

 

Right to rectification You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. The rectification shall be communicated to each recipient to whom the data was sent unless this proves impossible or involves disproportionate (demonstrable) efforts.

 

Right to erasure

(‘right to be forgotten’)

You have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase  your personal data without undue delay where one of the following grounds applies: your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraws consent on which the processing is based and there is no other legal ground for the processing; you objects to the processing and there are no overriding legitimate grounds for the processing; your personal data have been unlawfully processed; your personal data have to be erased for compliance with a legal obligation; your personal data have been collected in relation to the offer of information society services.

 

Right to restriction

of processing

You have the right to obtain from us restriction of processing where one of the following applies: you contest the accuracy of your personal data, for a period enabling us to verify the accuracy of your personal data; the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead; we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; you has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

 

The processing of personal data obtained through the website www.thecandyshop.com is carried out in compliance with the provisions of the GDPR regulations.

For any information or requests in accordance with your rights, please contact us at the following email address: oliver.sterian@thecandyshop.ro

 

 

  1. Children’s personal data

 

The Candy Shop does not collect any Personal Data from children under the age of 16.

So, if you are under 16 please do not submit to us any Personal Data.

 

  1. What security precautions does The Candy Shop take to protect you?

 

We have assumed the responsibility to implement proper technical and organizational measures regarding the protection of privacy and security of your personal data. We have taken all reasonable measures to protect your Personal Data from damage, loss, misuse, unauthorized access, alteration, destruction, or disclosure, as following:

a. People who have access to our filing system are only those nominated by The Candy Shop. To accesses the system, they use individual accounts and passwords which are changed periodically.

b. All our employees, collaborators and service providers who are in contact with personal data must act in accordance with the principles and policies regarding to the processing of personal data. They were informed and they have assumed to respect of the GDPR by signing the Data Processing Agreements or as an effect of the law.

c. Our employees and collaborators access personal data for the performance of their professional duties and only in accordance with the stated purpose of data collection.

d. Computers from which the filing system is accessed are password-protected and have antivirus, antispam and firewall security updates.

e. Personal data is printed only by authorized users, if it is necessary to perform our activity or to fulfill our legal obligations.

Please also select carefully what personal data do you choose to submit thinking that the internet or e-mails aren’t impenetrable spaces, and a technical error can cause an unhappy event.

 

  1. Changes to the privacy policy

 

Believing that we are constantly developing our services, we are confident that our platform may soon have new functions, so our Privacy Notice will be updated accordingly.

In order to keep you informed, we always publish the latest version of the Privacy Notice on our website.

We assure you that the way we collect and process your personal data is in accordance with the provisions of the GDPR Regulation.

If you have any questions about our Privacy Policy, please contact to us at: oliver.sterian@thecandyshop.ro.

 

  1. Links to other websites

 

On our website you can find links to other organizations. This Privacy Notice do not cover the data processed by them.

If you decide to access other organization’s links, we encourage you to carefully read their Privacy Notices which should be find on their websites.

 

  1. Information concerning Data Protection Supervisory Authority

 

If you consider that your rights provided by Regulation no. 679/2016 have been violated, you can address directly to us or to our Data Protection Supervisory Authority: National Authority for the Supervision of the Processing of Personal Data (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal) ”ANSPDC” by submitting a complaint.

 

Contact details of the authority:

Link for compliances: https://www.dataprotection.ro/?page=Plangeri_pagina_principala

Contact link: https://www.dataprotection.ro/?page=contact&lang=ro

Website: https://www.dataprotection.ro/

Address:

28-30, G-ral. Gheorghe Magheru

Sector 1, cod postal 010336

Bucharest, Romania

 

Tel: +40.318.059.211 or +40.318.059.212

Fax: +40.318.059.602